[SRU] wsl-pro-service version 0.1.18 for Plucky, Oracular and Noble
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
wsl-pro-service (Ubuntu) |
New
|
Undecided
|
Unassigned | ||
Noble |
New
|
Undecided
|
Unassigned | ||
Oracular |
New
|
Undecided
|
Unassigned | ||
Plucky |
New
|
Undecided
|
Unassigned |
Bug Description
[ Impact ]
This release of wsl-pro-service brings latest enhancements we would like to make sure all of our supported
customers will have access to these improvements on all releases as we approach the GA of Ubuntu Pro
for WSL, system which this service is a key part of.
As before, this service is only applicable for Ubuntu on WSL, its service unit is contained to not even start
if the condition `ConditionVirtu
of Ubuntu on WSL, we're mostly releasing this version to Oracular and later to ensure the package stays available for
future releases as well as for covering the small percentage of users who `do-release-
instances.
The most important changes are:
- Upgrade to the latest Go toolchain to address vulnerabilities GO-2025-3563, GO-2025-3447 and GO-2025-3373.
- Reduce the duration under which wsl-pro-service remains running without being connected to the Windows side:
* That allowed the service to spam the system's journal with too often complaints of connection retrials.
* The existing behaviour was already highlighted by some users when reporting issues, not necessarily
caused by this service, such as:
. https:/
issue issue because of how often that message appears.
. https:/
showing too many logs of wsl-pro-service.
* With the current implementation we reduce the number of connection attempts and increase the duration
systemd takes before restarting the service.
- Increase systemd confinement:
* Due a bug in ubuntu-pro-client we had to reduce the restrictions in the systemd unit in the past to let
it subprocess livepatch, even thought that's not applicable under WSL.
* That bug is fixed in v35 being SRU'ed in LP: #2083973
- Prevents unnecessary re-registration with Landscape
* by passing the CLI flag --register-
[ Test plan ]
== 1. Less loging:
* Make sure the Ubuntu Pro for WSL Windows agent is not running:
- On Windows run `taskkill /f /im ubuntu-
- Depending on the OS settings elevated permissions might be required.
* Install wsl-pro-service version 0.1.18 on Ubuntu on WSL (Noble, Oracular and Plucky should behave exactly
the same)
* Follow it's journal with `journalctl -f -u wsl-pro.service`
* Notice that it starts logging connection attempts too often, backing off exponentially up to 1min interval.
Approximately 10 minutes after attempting to connect without success, it silents.
* systemd should take approximately 20 min to attempt to restart the unit.
== 2. Pro attachment works under systemd restrictions and without livepatch being installed.
(Most of this test case would be testing ubuntu-pro-client v35 indeed, but we must verify that our integration
is not harmed with the changes in wsl-pro-service systemd confinement)
* Create a fresh instance of Ubuntu on WSL:
- On Windows run `wsl.exe --install -d Ubuntu`
* Install ubuntu-pro-agent v35 (currently available via the `-proposed` repository)
* Make sure livepatch is not installed: `sudo snap remove canonical-
* Make sure the Ubuntu on WSL instance is not pro attached: `pro status` (`pro detach` if needed).
* Install wsl-pro-service version 0.1.18 on Ubuntu on WSL (Noble, Oracular and Plucky should behave exactly
the same)
* Install Ubuntu Pro for WSL (download the latest production build from https:/
* Follow this guide to attach your Pro token: https:/
* Follow it's journal with `journalctl -f -u wsl-pro.service`:
- If pro-attaching fails because of systemd restrictions we should see some "permission denied" or "bad system
call" errors in the journal.
- If the livepatch fix was not correct, we should see mentions to `canonical-
- Both conditions should be considered a failure. Otherwise, proceed.
* Confirm pro attachment `pro status` inside the Ubuntu instance.
* Finally assert that canonical-livepatch remains not installed on this machine.
== 3. (Optional) wsl-pro-service outside of WSL
(Ensures the unit does nothing outside of WSL)
* Install wsl-pro-service on an instance of Ubuntu 24.04 (or later) on any platform other than WSL (Desktop,
Server bare-metal or VM, OCI containers).
* Verify that the unit is disabled due unmet condition: `systemctl status wsl-pro.service`
[ Where problems could occur ]
Up until now, wsl-pro-service remains running all the time the unit is alive, thus anytime a user installs the
Ubuntu Pro for WSL application on Windows they could expect the communication with the Windows agents to start
briefly.
With the behaviour changes, that won't be the case always, as the service could just had quit seconds before
and systemd will take about 20min to restart it. Users can always `sudo systemctl restart wsl-pro.service`.
Since the entire system is not yet generally available the number of users affected by this behaviour change
is very minimal, comprising of a handful of beta testers and internal collaborators (such as the
Landscape team).
If the changes in wsl-pro-service landed before ubuntu-pro-client v35, we'd have issues with livepatch already
described. I judge that as almost impossible since the SRU bug LP: #2083973 is older and is very likely to
handle any regressions in time.
[ Other Info ]
I purposefully skipped testing the changes related to Landscape because it's too complex to set up a server
just for this purpose.
We upgraded many vendored Go dependencies, thus they comprise a huge part of the diffs.
[ Changelog ]
wsl-pro-service (0.1.18~22.04.1) jammy; urgency=medium
* Pin Go toolchain to 1.23.8 to fix the following security vulnerabilities:
- GO-2025-3563, GO-2025-3447 and GO-2025-3373 (LP: #2106757)
* Allows the service to quit for longer period of time if the Windows agent
is not reachable.
- resulting in less logging to system journal.
* Removes workaround for livepatch no longer needed since pro-client v35
- systemd service is more confined again.
* Prevents unnecessary re-registration with Landscape
- by passing the CLI flag --register-
* Upgrades various golang dependencies.
-- Carlos Nihelton <email address hidden> Thu, 10 Apr 2025 13:50:32 -0300
wsl-pro-service (0.1.5) oracular; urgency=medium
* Fix UserProfileDir when %USERPROFILE% is empty
* Fix for empty field for landscape SSL public key
* Prevent subprocesses to sent notification to systemd
* Workaround livepatch disable failure
* Remove now unused hostagent UID and move it to our GRPc part
in landscape protocole
* Force all subcommands to run with LC_ALL=C
* Removes dependency on /etc/resolv.conf
* Fix logging level in config
* Upgrade to Go 1.23
* Annotate assertion on int conversion check with bitSize 32
* Add some more tests and enhanced/cleanup existing ones, including mocks
* Fix some flaky tests
* Update some vendored dependencies
* Fix some vendoring scripts
-- Didier Roche-Tolomelli <email address hidden> Tue, 10 Sep 2024 13:24:08 +0200
wsl-pro-service (0.1.4) noble; urgency=medium
* Vendor manually on the host as the go mod vendoring when using
dpkg-
-- Didier Roche-Tolomelli <email address hidden> Fri, 19 Apr 2024 07:56:41 +0200
description: | updated |
no longer affects: | wsl-pro-service (Ubuntu Plucky) |
summary: |
- [SRU] Fix too much logging and fix vulnerabilities GO-2025-3563, - GO-2025-3447 and GO-2025-3373 + [SRU] wsl-pro-service version 0.1.18 for Plucky, Oracular and Noble |
description: | updated |
Proof of builds with the already attached debdiffs can be found on the following PPA links.
Their version numbers are suffixed with the "~ppaN" to ensure version released in the archive will override the PPA version afterwards.
Plucky: /launchpad. net/~cnihelton/ +archive/ ubuntu/ pplayground/ +build/ 30628325 /launchpad. net/~cnihelton/ +archive/ ubuntu/ pplayground/ +build/ 30628326
- AMD64: https:/
- ARM64: https:/
Oracular: /launchpad. net/~cnihelton/ +archive/ ubuntu/ pplayground/ +build/ 30628336 /launchpad. net/~cnihelton/ +archive/ ubuntu/ pplayground/ +build/ 30628337
- AMD64:https:/
- ARM64:https:/
Noble (for this I just uploaded the source as it was instead of rebuilding the source package from the debdiff to ease sponsorship, thus no "~ppaN" suffix in the package version): /launchpad. net/~cnihelton/ +archive/ ubuntu/ pplayground/ +build/ 30630087 /launchpad. net/~cnihelton/ +archive/ ubuntu/ pplayground/ +build/ 30630088
- AMD64: https:/
- ARM64: https:/